[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

A case for SSL specialist programmers

Hi, to some https super gurus maybe on this forum! 

I´ve did some easy research over the net about different approach 
for websites fooling out real IP numbers from users, and besides 
the usual stuff (javascript, active-x, flash plugins etc) I get 
some hints about the https SSL protocol itself may collect the 
users real IP, also when the user is using anonymizers. 

When I check at the https://proxify.com/whoami/ trough Tor, I 
only see the Tor exit node IP and not my real. Same thing when 
cheking my SSL webmail accounts log of login IP and also in 
the headers of emails send from that https webmail, it only 
shows the Tor exit node IP. 

The question is then, are that perhaps any hidden information 
streams into the SSL connection, that is able to get the real 
IP, but only make the last IP (Tor exit node) visible to user? 

Or is it that simple, when the Tor IP is showed, then it´s the 
only IP the https website collect? 

Thanks for any answer of knowledge. 

http://www.fastmail.fm - The way an email service should be